Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Running Untrusted Code in Node
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Dave Wasmer
February 25, 2014
Technology
0
320
Running Untrusted Code in Node
Running untrusted code in Node in a safe mode while handling the lode.
Dave Wasmer
February 25, 2014
Tweet
Share
More Decks by Dave Wasmer
See All by Dave Wasmer
The Future is Now: Ember in 2018
davewasmer
0
99
UX Mental Models
davewasmer
4
490
Enterprise and Mobile Web
davewasmer
0
82
Kinvey @ PhoneGap Day US
davewasmer
1
160
Other Decks in Technology
See All in Technology
CDKで始めるTypeScript開発のススメ
tsukuboshi
1
340
生成AIを活用した音声文字起こしシステムの2つの構築パターンについて
miu_crescent
PRO
1
130
Deno・Bunの標準機能やElysiaJSを使ったWebSocketサーバー実装 / ラーメン屋を貸し切ってLT会! IoTLT 2026新年会
you
PRO
0
300
usermode linux without MMU - fosdem2026 kernel devroom
thehajime
0
220
~Everything as Codeを諦めない~ 後からCDK
mu7889yoon
3
290
2026年、サーバーレスの現在地 -「制約と戦う技術」から「当たり前の実行基盤」へ- /serverless2026
slsops
2
220
Tebiki Engineering Team Deck
tebiki
0
24k
We Built for Predictability; The Workloads Didn’t Care
stahnma
0
130
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.3k
Meshy Proプラン課金した
henjin0
0
250
Stately
mu7889yoon
1
110
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
3k
Featured
See All Featured
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
tomoyanonymous
2
410
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
122
21k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
baasie
0
450
Scaling GitHub
holman
464
140k
Visualization
eitanlees
150
17k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.2k
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
180
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
0
430
The Cult of Friendly URLs
andyhume
79
6.8k
Designing for Performance
lara
610
70k
Heart Work Chapter 1 - Part 1
lfama
PRO
5
35k
Leveraging Curiosity to Care for An Aging Population
cassininazir
1
160
Transcript
Running untrusted code in Node in a safe mode while
handling the lode
lode?
Dave Wasmer @davewasmer Developer @ Kinvey yep, this slide …
Kinvey Backend as a service … and this one.
What goes into backend as a service?
None
Lots o’ stuff • Data storage • User management •
Twitter, Facebook, G+, LinkedIn • OAuth, LDAP, Active Directory • File storage • don’t forget CDN delivery • Push notifications • Emails • 3rd Party API Integration • Analytics • a whole lot more ..
What if CRUD ain’t enough?
enter: Business Logic!
Run your code on our servers
Custom JavaScript execution?!
eval(customerCode); // Genius, mirite? NO!
The Problem We needed a safe, scalable way to run
arbitrary (possibly malicious) JavaScript on our servers.
Safety • Can’t allow access to: • filesystem • shared
memory • Kinvey internals • State is evil!
Scalablity • Needs to scale horizontally • i.e. spin up
new instances on-demand • automatically add to resource pool • Optimize for usage • not running huge computations - short, frequent bursts of activity • 2x per API request is possible!
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability Work Master Child Child Child Child
Safety Concerns • How to run arbitrary JS code? •
Three issues • System access (filesystem, network, etc) • Application access (application state, data, etc) • Stupidity / DoS (while (true), forgot to signal async completed)
System access • Filesystem • Severely limited or none •
Network • Partially limited
Our solution to system access ! // Setting things up
! try { script = vm.createScript(codeAsStr); } catch (e) { // syntax error! } ! sandbox = generateNewSandbox()
generateNewSandbox = function(){ ! var sandbox = {}; sandbox.complete =
function(){ runNextTask(); }; sandbox.whateverYouWant = function(){ ... } return sandbox; ! } Our solution to system access
! // Running the untrusted script try { script.runInNewContext(sandbox) }
catch (e) { // e will be any immediate (synchronous) // runtime errors } Our solution to system access
Application access • Data • Permissions
Our solution to application access ! // inside generateNewSandbox() !
sandbox.db = { find: function(query, callback) { // do db stuff callback(null, result) // <- Careful! }, ... }
Stupidity / DoS • while (true) {} // single-threaded ftw!
• function onPreSave(req, res, modules) { doSomeAsyncStuff() } // kthxbai • function doSomeAsyncStuff() { setTimeout(function(){ throw new Error() }, 100000); // muhahaha }
Our solution to stupidity / DoS Work Master Child Child
Child Child
Our solution to stupidity / DoS Work Master Child Child
Child Child
Our solution to stupidity / DoS ! // For handling
callback errors process.on(‘uncaughtException’, function(){ // handle it here });
Wrap-up
davewasmer
tsukuboshi
miu_crescent
you
thehajime
mu7889yoon
slsops
tebiki
stahnma
sansan33
henjin0
tomoyanonymous
panda_program
baasie
holman
eitanlees
signer
davetheseo
honzajavorek
andyhume
lara
lfama
cassininazir
